Lemonldap-Ng Apache vulnerabilities
2 known vulnerabilities affecting lemonldap-ng/apache.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2020-36658HIGHCVSS 8.1fixed in 0.52023-01-27
CVE-2020-36658 [HIGH] CVE-2020-36658: In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default whe
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.
nvd
CVE-2020-36659HIGHCVSS 8.1fixed in 1.3.62023-01-27
CVE-2020-36659 [HIGH] CVE-2020-36659: In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by def
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.
nvd